2-factor authentication, how to disable?


I suddenly noticed that 2-factor authentication is enabled on admin account and I can not login to hestia CP. My boss must have accidentally ticked this enable 2-way authentication without understanding what he is doing because he does not have even the recovery code!

So how can I gain accces and disable momentarily 2-way authentication? My shell access does work.

checkout v-delete-user-2fa in command line: https://github.com/hestiacp/hestiacp/blob/master/bin/v-delete-user-2fa

Thanks, that solved the problem! I am very pleased to Hestia CP. Keep up the good work & thank you very much!

Having this issue now, have shell access, but I don’t have a recovery code, never turned on 2FA for admin - and I just plain can’t get in & the v-delete-user-2fa doesn’t work. I have clients on this server so I can’t just reset the whole thing.


@calegendre This sounds like another issue, but I can’t tell you which one it was. What is your hestia version? Maybe @eris can give my brain a little push :slight_smile:.

I’ll get my version info to you in a moment. Thanks for a quick response. Rebooted my server and it let me into Hestia. But then the databases weren’t loading for any of the sites…restarted mysql, and now it’s normal again. Going to make sure I am updated to the current recommended version and go from there… could have just been a glitch…


I had similar issue after last hestia cp update. I had been sick for 2 weeks and that server had no maintainer and the hestia cp autoupdater kicked in. Seems to me there was not enough free disk space and that caused the update to success but it could not launch mariadb.
I cleaned up more disk space and after that everything worked like a charm.

So your issue calegendre seems very similat to mine but I am still sick and has had no time to dig to those server logs.

This was mainly my fault because you should all ways have enough spare disk on server. Nothing Hestia CP related I think. I do have logrotate in place but some systems on that server made some clutter outside housekeeping folders.

I try to test hestia 1.3.0 on one hacked server soon which I must clean up despite I am sick.
Keep up the great work & happy weekend,

@ScIT Good morning sir

i have this issue now, but i don’t have shell access ( Unfortunately i am admin user ) so what should i do ?

my hestia is the last version

Without shell access, you can’t disable 2fa anymore - you need to run the command above (solution), can also be runned as root.

if i restore droplet backup ( yesterday backup ) will disabled it ? @ScIT

It depends if the backup was made before / after you enabled the 2FA.


I am sorry, I have the same problem but I don’t know where is a log event to put the code? Give me a link please

v-delete-user-2fa username